Firms to ditch private data
Cyber threat biggest risk
Australian companies plan to cut the amount of personal information they collect from consumers in a bid to slash the risk of cyber attacks, underlining one of the biggest challenges facing corporate Australia in 2024.
Restructuring and advisory firm McGrathNicol said businesses are waking up to the risks that cyber threats pose and are stepping up plans to mitigate the financial or reputation impact from a breach.
Cyber threats have rapidly increased in frequency over the past year and impacted all parts of the economy from DP World to Latitude Financial and HWL Ebsworth, and more recently Court Services Victoria and health network operator St Vincent’s.
McGrathNicol chairman Jason Preston said the cyber risk was not going to disappear anytime soon for businesses, which has prompted many to take steps to understand the consequences and attempt to get ahead of the curve by reducing exposure.
“There’s real regulatory consequences now for companies getting in this situation with potential theft of personal information,” he said.
“As a result there has been a shift from seeing cyber resilience as a cost of the business to one of managing the consequences now.”
“Companies are saying if I’m not doing what’s expected of me by the market, by my customers, by the regulators, then as a director, I’ve got a real exposure, and reputationally the business has exposure.” Cyber threats were named the single biggest external threat to running a business according to the country’s top corporate leaders in The Australian’s 2024 CEO survey published last month.
Mr Preston said there had been a steady increase in recent months of companies becoming more proactive and waking up to the challenge that cyber threats pose and reviewing what information is held and whether it is required.
“Managing information has become a real focus, particularly for large organisations that hold a lot of private information,” he said.
“I think it’s really important for directors and management teams to understand what good looks like from a cyber resilience and information management perspective.”
Latitude Financial was hacked by cyber criminals in March last year with details of 14 million customers stolen, including personal information from clients as far back as the mid 2000s.
The McGrathNicol chairman since 2020 said that businesses needed to understand what private information was being held and challenge themselves whether they need to have it and if not put a project around how to dispose of it or to ensure it is protected and isolated if needed.
“It is about understanding how to better manage the consequences if there is a breach, so companies are now shifting their focus to those points given recent events,” he said.